How TraCarta collects, uses, protects and retires personal data, written to the standard of the Digital Personal Data Protection Act, 2023, and to our own: data is handled for one purpose, inside one perimeter, for no longer than the work requires.
TraCarta India Private Limited ("TraCarta", "we", "us") is a specialist professional-services firm, established in Gurgaon in 2018, engaged in the reconciliation of airline Goods and Services Tax and the recovery of Input Tax Credit for businesses in India. For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDP Act"), TraCarta acts as a Data Fiduciary for data collected through this website, and ordinarily as a Data Processor for personal data contained in client engagement materials, processing it on our clients' documented instructions.
We collect only what the work requires:
We do not collect data speculatively, and we do not purchase, rent or scrape personal data from any source.
Personal data is processed for enumerated purposes only:
We do not use personal data for advertising, profiling, or sale to any party, in any circumstance. Engagement data is used solely to deliver the contracted service to the client who supplied it.
We process website data on the basis of your consent, given when you submit a form, and withdrawable at any time. We process engagement data on the basis of the contract with our client and their lawful instructions, and where applicable for compliance with legal obligations under Indian tax law. Where the DPDP Act requires notice or consent from data principals, responsibility is allocated between TraCarta and the client in the engagement agreement.
We share personal data only in the narrow channels the work requires:
We never disclose one client's data to another. We have no data-sharing arrangements with advertisers or data brokers.
Engagement data lives inside a defined perimeter: encrypted in transit and at rest, access-limited to personnel assigned to the engagement, logged, and segregated by client. Our security practices are described further on our Security & Trust page. No method of storage or transmission is perfectly secure; we design so that any single failure is contained, detected and answerable.
We retain personal data no longer than the purpose requires. Website enquiries are retained for up to 24 months. Engagement data is retained for the duration of the engagement and any period required by Indian tax and audit law, after which it is securely destroyed or returned as the engagement agreement directs. Retention schedules for personally identifiable information are detailed in our PII Policy.
Subject to the DPDP Act and applicable law, you may request: access to the personal data we hold about you; correction or completion of inaccurate data; erasure where the data is no longer necessary; and grievance redressal. Where we act as processor for a client, we will refer or coordinate your request with that client as the law requires. Requests are made to the contact in Section 10 and are answered within statutory timelines.
Our services and website are directed at businesses and working professionals. We do not knowingly collect the personal data of children, and our engagements do not involve it.
Questions, requests or grievances under this policy may be addressed to our Grievance Officer at legal@tracarta.in or by post to our registered office in Gurugram, Haryana. We acknowledge grievances promptly and aim to resolve them within the timelines prescribed under applicable law.
Grievance Officer: [Name]reachable at the address above.
When this policy changes, the effective date above changes with it, and material changes are flagged on this page. The current version is always the one published here. Continued use of the website after a change constitutes acceptance of the revised policy.